U.S. patent application number 11/511401 was filed with the patent office on 2007-03-29 for encryption/decryption apparatus.
This patent application is currently assigned to KABUSHIKI KAISHA TOSHIBA. Invention is credited to Koichi Fujisaki, Atsushi Shimbo, Hideo Shimizu.
Application Number | 20070071235 11/511401
Family ID | 37893975
Filed Date | 2007-03-29
United States Patent Application | 20070071235
Kind Code | A1
Fujisaki; Koichi; et al. | March 29, 2007
Encryption/decryption apparatus
Abstract
A first Exclusive OR circuit operates an Exclusive OR between
input data and a predetermined random number. An operation circuit
performs one operation of encryption and decryption of output data
from the first Exclusive OR circuit. A data register circuit, which
has a plurality of data hold units, holds data from the operation
circuit in one data hold unit of the plurality of data hold units
in response to a selection signal, and supplies the data from the
one data hold unit to the operation circuit. A second Exclusive OR
circuit performs an Exclusive OR between output data from the data
register circuit and the random number. The operation circuit
recursively performs the one operation of the data from the data
register circuit and outputs next data to the data register
circuit.
Inventors: Fujisaki; Koichi (Kanagawa-ken, JP); Shimizu; Hideo (Kanagawa-ken, JP); Shimbo; Atsushi (Tokyo, JP)
Correspondence Address: FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER, LLP; 901 NEW YORK AVENUE, NW; WASHINGTON, DC 20001-4413; US
Assignee: KABUSHIKI KAISHA TOSHIBA
Family ID: 37893975
Appl. No.: 11/511401
Filed: August 29, 2006
Current U.S. Class: 380/28
Current CPC Class: H04L 9/003 20130101; H04L 2209/046 20130101; H04L 2209/12 20130101; H04L 2209/08 20130101
Class at Publication: 380/028
International Class: H04L 9/28 20060101 H04L009/28
Foreign Application Data
Date | Code | Application Number
Sep 29, 2005 | JP | P2005-285596
Claims
1. An encryption/decryption apparatus comprising: a random number
supply unit configured to supply a random number; a first Exclusive
OR circuit configured to perform an Exclusive OR between input data
and the random number; an operation circuit configured to perform
one operation of encryption and decryption of output data from the
first Exclusive OR circuit; a data register circuit having a
plurality of data hold units, configured to hold data from the
operation circuit in one data hold unit of the plurality of data
hold units in response to a selection signal, and to supply the
data from the one data hold unit to the operation circuit; and a
second Exclusive OR circuit configured to perform an Exclusive OR
between output data from the data register circuit and the random
number; wherein the operation circuit recursively performs the one
operation of the data from the data register circuit and outputs
next data to the data register circuit.
2. The encryption/decryption apparatus according to claim 1,
wherein the plurality of data hold units is two data hold
units.
3. The encryption/decryption apparatus according to claim 1,
wherein the plurality of data hold units is equal to or more than
three data hold units.
4. The encryption/decryption apparatus according to claim 1,
wherein the random number supply unit includes a random number
generator configured to repeatedly generate a random number of
which length is shorter than the input data, and a random number
hold unit configured to connect a plurality of random numbers from
the random number generator and to fixedly hold the random number
of which length is equal to the input data.
5. The encryption/decryption apparatus according to claim 1,
wherein the operation circuit executes operation processing of the
output data from the first Exclusive OR circuit at the first
operation time, and executes the operation processing of previous
operated data from the second operation time.
6. The encryption/decryption apparatus according to claim 5,
wherein the random number supply unit fixedly supplies the random
number before the first operation time.
7. The encryption/decryption apparatus according to claim 1,
wherein the first Exclusive OR circuit is included in the operation
circuit.
8. The encryption/decryption apparatus according to claim 1,
further comprising: a selection signal generation unit configured
to repeatedly generate the selection signal in synchronization with
input timing of the data from the operation circuit to the register
circuit.
9. The encryption/decryption apparatus according to claim 8,
wherein the data register circuit holds the data in one data hold
unit selected by the selection signal whenever the data is input
from the operation circuit.
10. The encryption/decryption apparatus according to claim 9,
wherein the data register circuit recursively supplies the data
from the one data hold unit to the operation circuit at each
operation time while an operation completion signal from the
operation circuit is not received.
11. The encryption/decryption apparatus according to claim 10,
wherein the data register circuit outputs the data from the one
data hold unit to the second Exclusive OR circuit in response to
the operation completion signal.
12. The encryption/decryption apparatus according to claim 11,
wherein the second Exclusive OR circuit outputs an operation result
of Exclusive OR between the data and the random number to the
outside.
13. The encryption/decryption apparatus according to claim 1,
wherein, if the input text data is plain text data, the operation
circuit operates encryption of the plain text data and outputs
cipher text data as an encryption result.
14. The encryption/decryption apparatus according to claim 1,
wherein, if the input text data is cipher text data, the operation
circuit operates decryption of the cipher text data and outputs
plain text data as a decryption result.
15. The encryption/decryption apparatus according to claim 1,
wherein the selection signal does not continually indicate the same
data hold unit in the plurality of data hold units.
16. The encryption/decryption apparatus according to claim 1,
wherein the data register circuit resets contents of another data
hold unit not selected by the selection signal in the plurality of
data hold units.
17. The encryption/decryption apparatus according to claim 1,
wherein the data register circuit reverses contents of another data
hold unit not selected by the selection signal in the plurality of
data hold units.
18. The encryption/decryption apparatus according to claim 1,
wherein the data register circuit rewrites contents of another data
hold unit not selected by the selection signal with predetermined
binary data or a random number.
19. An encryption/decryption apparatus comprising: an operation
circuit configured to perform one operation of encryption and
decryption of input data; a data register circuit having a
plurality of data hold units, configured to hold data from the
operation circuit in one data hold unit of the plurality of data
hold units in response to a selection signal, and to supply the
data from the one data hold unit to the operation circuit; wherein
the operation circuit recursively performs the one operation of the
data from the data register circuit and outputs next data to the
data register circuit.
20. The encryption/decryption apparatus according to claim 19,
further comprising: a first Exclusive OR circuit configured to
perform an Exclusive OR between the input data and a predetermined
random number; and a second Exclusive OR circuit configured to
perform an Exclusive OR between output data from the data register
circuit and the predetermined random number.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is based upon and claims the benefit of
priority from prior Japanese Patent Application No. 2005-285596,
filed on Sep. 29, 2005, the entire contents of which are
incorporated herein by reference.
FIELD OF THE INVENTION
[0002] The present invention relates to an apparatus for
encrypting/decrypting data by repeatedly executing the same
operation processing.
BACKGROUND OF THE INVENTION
[0003] In general, in a block cipher algorithm such as the DES
method specified by FIPS46-3 (FIPS: Federal Information Processing
Standard), data is encrypted/decrypted by repeating a predetermined
operation processing a predetermined number of times. Concretely,
whenever the operation processing is executed, the operation result
is temporarily stored in a memory means (e.g., a register). The next
operation processing is executed using the current operation
result, and the next operation result overwrites the contents of the
memory means. Briefly, encryption/decryption is executed while
updating the operation result stored in the memory means.
[0004] Attention is now directed to how the data in the memory means
changes. The difference between two operation results that are
consecutive on the time axis is represented as a Hamming distance.
If there is a correlation between the Hamming distance and power
consumption, an attacker can reveal secret information in an
encryption/decryption apparatus. One method for estimating secret
information in the encryption/decryption apparatus is DPA
(Differential Power Analysis), which analyzes how the power
consumption changes as the data changes.
[0005] By using DPA, if a change in the power consumption of a
circuit (having an encryption function) or a processor (executing
an encryption operation) is related to secret data during operation,
the secret data can be disclosed. DPA is an attack that does not
require destroying the package. Because it cannot be determined by
looking at the outside of a chip (or a device) whether key
information has been extracted by the attack, it is feared that
damage from unauthorized use expands. Accordingly, a circuit for
encryption needs protection against a DPA attack.
[0006] One countermeasure against DPA is the data mask method, which
hides any correlation between the power consumption and the
operation data from an attacker. For example, the data mask method
is disclosed in "An implementation of DES and AES, secure against
some attacks", Proceedings of CHES 2001, LNCS 2162, pp. 309-318,
2001.
[0007] In the data mask method, a random number is used as data for
masking. The data for operation is masked by performing an Exclusive
OR between the data for operation and the data for masking. Briefly,
because the data is masked with the random number during operation,
the attacker cannot correctly estimate the data being operated on.
As a result, secret information in the encryption module cannot be
disclosed.
[0008] When DPA protection is implemented by the data mask method,
it is desirable that the necessary quantity of random numbers is
always available. However, if the constraints on power consumption
and circuit scale are strict, as in an IC card, the output data
width of the random number generation circuit needs to be made
small.
[0009] In this case, several clocks are necessary to obtain the
random number for masking from the random number generation circuit.
Furthermore, depending on the relationship between the output data
width of the random number generation circuit and the data width for
masking, operation processing often waits several clock periods.
Briefly, during encryption/decryption processing, a wait time for
random number generation occurs at each operation.
[0010] Accordingly, at each timing of encryption/decryption, the
operation data is masked with the same random number by Exclusive
OR. Hereinafter, "masking" means an Exclusive OR between data for
masking and data for operation.
[0011] The Hamming distance of the data is now explained for the
case where two consecutive masked data (Masked Data A and Masked
Data B) are written into the memory means. Masked Data A, written
into the memory means first, is Data A (the data being operated on)
masked by the data for masking ("RN"). Masked Data B, written into
the memory means second, is Data B (the data being operated on)
masked by the data for masking ("RN").
[0012] The Hamming distance of data in the memory means is the same
as the operation result of Exclusive OR of two written data.
Accordingly, the Hamming distance is represented as follows.
$$\begin{aligned}
\text{Hamming distance of data} &= \text{Masked Data A} \oplus \text{Masked Data B} \\
&= (\text{Data A} \oplus \text{RN}) \oplus (\text{Data B} \oplus \text{RN}) \\
&= \text{Data A} \oplus \text{Data B} \oplus \text{RN} \oplus \text{RN} \\
&= \text{Data A} \oplus \text{Data B}
\end{aligned}$$
[0013] In this way, data for masking ("RN") is eliminated. This
corresponds to the change quantity of two continuous data in the
memory means. Therefore if an attacker can correctly estimate the
change quantity (Hamming distance) in the memory means, secret
information can be disclosed and safety cannot be guaranteed.
(Analysis model aiming at Hamming distance of two continuous data
is called a state transition model.)
SUMMARY OF THE INVENTION
[0014] The present invention is directed to an
encryption/decryption apparatus with enhanced security against a
DPA attack while suppressing increase of a number of transistors in
circuit.
[0015] According to an aspect of the present invention, there is
provided an encryption/decryption apparatus comprising: a random
number supply unit configured to supply a random number; a first
Exclusive OR circuit configured to perform an Exclusive OR between
input data and the random number; an operation circuit configured
to perform one operation of encryption and decryption of output
data from the first Exclusive OR circuit; a data register circuit
having a plurality of data hold units, configured to hold data from
the operation circuit in one data hold unit of the plurality of
data hold units in response to a selection signal, and to supply
the data from the one data hold unit to the operation circuit; and
a second Exclusive OR circuit configured to perform an Exclusive OR
between output data from the data register circuit and the random
number; wherein the operation circuit recursively performs the one
operation of the data from the data register circuit and outputs
next data to the data register circuit.
[0016] According to another aspect of the present invention, there
is also provided an encryption/decryption apparatus comprising: an
operation circuit configured to perform one operation of encryption
and decryption of input data; a data register circuit having a
plurality of data hold units, configured to hold data from the
operation circuit in one data hold unit of the plurality of data
hold units in response to a selection signal, and to supply the
data from the one data hold unit to the operation circuit; wherein
the operation circuit recursively performs the one operation of the
data from the data register circuit and outputs next data to the
data register circuit.
BRIEF DESCRIPTION OF THE DRAWINGS
[0017] FIG. 1 is a block diagram of encryption/decryption apparatus
according to one embodiment.
[0018] FIG. 2 is a block diagram of a random number supply unit 12
in FIG. 1.
[0019] FIG. 3 is a block diagram of a register circuit 14 in FIG.
1.
[0020] FIG. 4 is a schematic diagram of a table 40 storing a
plurality of selection patterns.
[0021] FIG. 5 is a time chart among a selection signal of a
selection signal generation unit 16 and masked data stored in data
hold units 33-1 and 33-2.
[0022] FIG. 6 is a block diagram of one bit register circuit in
which a plurality of logical circuits is combined.
[0023] FIG. 7 is another block diagram of the register circuit 14
in FIG. 1.
DETAILED DESCRIPTION OF THE EMBODIMENTS
[0024] Hereinafter, various embodiments of the present invention
will be explained by referring to the drawings. The present
invention is not limited to the following embodiments.
[0025] FIG. 1 is a block diagram of an encryption/decryption
apparatus according to one embodiment. The encryption/decryption
apparatus 10 may be any of an encryption apparatus for encrypting
plain text data and generating cipher text data, a decryption
apparatus for decrypting cipher text data and generating plain text
data, and an encryption/decryption apparatus having both functions.
Furthermore, the encryption/decryption apparatus 10 is based on an
encryption/decryption algorithm for repeatedly executing the same
operation processing.
[0026] In the encryption/decryption apparatus 10, plain text/cipher
text data and key data each having a predetermined length are
input, and cipher text/decipher (plain) text data of predetermined
length is output. A data length of plain text/cipher text data and
a data length of key data are determined by the
encryption/decryption algorithm.
[0027] The encryption/decryption apparatus 10 includes an operation
circuit 11, a random number supply unit 12, Exclusive OR circuits
13 and 15, a register circuit 14, and a selection signal generation
unit 16.
[0028] The operation circuit 11 executes a predetermined operation
(based on the encryption/decryption method) with input data, and
outputs the operation result as output data. At start time of
encryption/decryption, plain text/cipher text data from the outside
is regarded as input data. At each time after the start time,
output data (previous operation result) from the operation circuit
11 is regarded as input data. Furthermore, operation of the
operation circuit 11 is affected by the key data.
[0029] The random number supply unit 12 constantly supplies the
same random number in one processing period of
encryption/decryption (a period from input time of plain
text/cipher text data to output time of cipher text/plain text
data).
[0030] FIG. 2 is a block diagram of one example of the random
number supply unit 12. A random number generation unit 21 generates
a random number. The length of the random number generated by the
random number generation unit 21 at one time is shorter than the
length of the input data supplied to the encryption/decryption
apparatus 10. For example, the random number generation unit 21
generates a random number of eight bits at one time, and
repeatedly generates random numbers until the total length of the
random numbers generated is equal to the length of the input data.
A random number generation unit 21 that generates a random number of
short length at one time can be realized with a small package
scale.
[0031] A random number hold unit 22 can hold data having the same
length as the plain text/cipher text data to be input to the
encryption/decryption apparatus 10. Concretely, the random number
hold unit 22 serially connects each random number generated from
the random number generation unit 21 until a length of connected
random numbers is equal to a length of the plain text/cipher text
data, and constantly outputs the (connected) random number having
the equal length.
[0032] In the random number supply unit 12, it takes time to
prepare the random number to be supplied. However, the random
number supply unit 12 can be miniaturized, which is useful for the
IC card.
[0033] In FIG. 1, the Exclusive OR circuit 13 operates Exclusive OR
between input data (plain text/cipher text data) and a random
number from the random number supply unit 12. Briefly, the
Exclusive OR circuit 13 masks input data to be supplied to the
operation circuit 11. Hereinafter, output from the Exclusive OR
circuit 13 is called masked data.
[0034] The register circuit 14 temporarily holds masked data
operated from the operation circuit 11, and supplies the masked
data as next input data to the operation circuit 11. Furthermore,
the selection signal generation unit 16 generates a selection
signal to the register circuit 14. Detail of the register circuit
14 and the selection signal generation unit 16 are explained
afterwards.
[0035] The Exclusive OR circuit 15 performs a bitwise Exclusive OR
between masked data from the register circuit 14 and the random
number from the random number supply unit 12. The Exclusive OR has
the property that data returns to its original value when the same
Exclusive OR is executed twice. For example, input data to the
encryption/decryption apparatus 10 is masked with the random number
(from the random number supply unit 12) by the Exclusive OR circuit
13, and masked data is input to the operation circuit 11. Operation
result of the masked data from the operation circuit 11 is supplied
to the Exclusive OR circuit 15 through the register circuit 14.
Last, the Exclusive OR circuit 15 operates Exclusive OR between an
operation result of masked data and the same random number (from
the random number supply unit 12). As a result, the operation
result of masked data returns to an operation result of original
data. Briefly, masked data exists between the Exclusive OR circuit
13 and the Exclusive OR circuit 15. In this case, the random number
supply unit 12 supplies the random number only when an operation
completion signal is received from the operation circuit 11.
Furthermore, a clock signal to synchronize with processing is
supplied to the operation circuit 11 and the register circuit 14
(not shown in FIG. 1).
[0036] FIG. 3 is a block diagram of the register circuit 14. The
register circuit 14 includes an input timing control unit 31, two
data hold units 33-1 and 33-2, and a data selection unit 34. The
data hold units 33-1 and 33-2 and the data selection unit 34 are
connected to the selection signal generation unit 16. Furthermore,
the clock signal is supplied to the input timing control unit 31
and the selection signal generation unit 16.
[0037] The selection signal generation unit 16 (located outside of
the register circuit 14) outputs a selection signal indicating one
of the data hold units 33-1 and 33-2 in synchronization with the
clock signal.
[0038] As a method for generating the selection signal, for
example, a table 40 storing a plurality of selection patterns (each
a line of binary values) is prepared as shown in FIG. 4. One
selection pattern is selected from the table 40, and a selection
signal corresponding to each binary value of that selection pattern
is generated in order, in synchronization with the clock signal
(for example, "0" -> the data hold unit 33-1, "1" -> the data hold
unit 33-2). Alternatively, by preparing a one-bit random number
generator, a selection signal corresponding to a random number "0/1"
may be generated in order, in synchronization with the clock signal.
[0039] The input timing control unit 31 controls timing to supply
masked data (from the operation circuit 11) to the data hold unit
33-1 or 33-2. This timing is based on the clock signal.
[0040] Based on the selection signal from the selection signal
generation unit 16, masked data from the operation circuit 11 is
written and held in one of the data hold units 33-1 and 33-2.
Briefly, one of the data hold units 33-1 and 33-2 is updated, and
the other of the data hold units 33-1 and 33-2 holds previous data.
In this case, the selection signal is synchronized with the clock
signal. Accordingly, timing to update the masked data is also
synchronized with the clock signal.
[0041] FIG. 5 shows one example of a relationship among the
selection signal of the selection signal generation unit 16, and
contents held in the data hold units 33-1 and 33-2. In case of the
selection signal "0", the data hold unit 33-1 is selected. In case
of the selection signal "1", the data hold unit 33-2 is
selected.
[0042] If the selection signal is "0" (representing the data hold
unit 33-1) at timing T1, Masked Data 1 as an operation result from
the operation circuit 11 is held in the data hold unit 33-1. On the
other hand, the data hold unit 33-2 continually holds Masked Data
0. The Masked Data 0 is a previous operation result from the
operation circuit 11.
[0043] Next, if the selection signal is "1" (representing the data
hold unit 33-2) at timing T2, Masked Data 2 as next operation
result from the operation circuit 11 is held in the data hold unit
33-2. On the other hand, the data hold unit 33-1 continually holds
Masked Data 1 (already held at timing T1).
[0044] Next, if the selection signal is "1" (representing the data
hold unit 33-2) at timing T3, Masked Data 3, the operation result
that follows Masked Data 2 from the operation circuit 11, is held in
the data hold unit 33-2. On the other hand, the data hold unit 33-1
continues to hold Masked Data 1 (already held at timing T1).
[0045] Next, if the selection signal is "0" (representing the data
hold unit 33-1) at timing T4, Masked Data 4, the operation result
that follows Masked Data 3 from the operation circuit 11, is held in
the data hold unit 33-1. On the other hand, the data hold unit 33-2
continues to hold Masked Data 3 (already held at timing T3).
[0046] The above example shows a method for continually writing
masked data to the same data hold unit. In this case, if a DPA
attack is executed against the data hold unit to which masked data
is continually written, the mask cancels out and the difference
between the previous data and the current data is found. As a
result, secret information becomes known and security is clearly
not maintained. However, if masked data is not written to the same
data hold unit consecutively, an attacker cannot estimate the
Hamming distance correctly. Accordingly, the method shown in FIG. 5
has resistance against a DPA attack. Furthermore, if masked data is
written in order based on the selection pattern of the second binary
line in FIG. 4, masked data is never written consecutively to the
same data hold unit. Accordingly, this method reliably has
resistance against a DPA attack.
[0047] In the above example, no processing is performed on the data
hold unit that is not selected (the unit to which masked data is not
written). However, the contents held in the data hold unit not
selected may be reset. Here, "reset" means that "0" or "1" is
written to the contents of the data hold unit. Furthermore, the
contents held in the data hold unit not selected may be inverted, or
replaced with predetermined binary values or a random number. As a
result, masked data that is unnecessary for the current operation
but reflects a past operation does not remain, and the security of
secret information increases.
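The cancellation in [0012] and the write behaviour of [0040]-[0047] can be checked with a short simulation. The Python below is an added illustration and is not part of the patent: the round function, keys, zero initial register contents, the encoding of FIG. 5 as a pattern list, and the assumption that every stored value equals Data i XOR RN are all constructed for this example.

```python
"""Model of register circuit 14: what each write to a data hold unit overwrites."""

MASK64 = (1 << 64) - 1
# FIG. 5 as a pattern: Masked Data 0 sits in 33-2 (unit 1), then T1..T4 = 0,1,1,0.
FIG5_PATTERN = [1, 0, 1, 1, 0]
ALTERNATING = [0, 1, 0, 1, 0]      # never selects the same unit twice in a row


def hw(x):
    """Hamming weight (number of 1 bits) of a non-negative integer."""
    return bin(x).count("1")


def toy_round(x, k):
    """Constructed stand-in for one operation of circuit 11 (this is not DES)."""
    x = (x ^ k) & MASK64
    x = ((x << 7) | (x >> 57)) & MASK64
    return (x * 0x9E3779B97F4A7C15 + 1) & MASK64


def intermediates(plain, round_keys):
    """Unmasked Data 0..n. The modelled register only ever stores Data i XOR RN."""
    data = [plain & MASK64]
    for k in round_keys:
        data.append(toy_round(data[-1], k))
    return data


def run_register(data, rn, pattern, units=2, reset_idle=False):
    """Write Data i XOR rn into unit pattern[i] and log every write.

    Returns one (i, j, hd) per write: Masked Data i replaced Masked Data j
    (j is None when the unit held the reset value 0) and hd is the Hamming
    distance between the old and new contents of that unit.
    """
    if len(pattern) != len(data):
        raise ValueError("need one selection value per data word")
    value = [0] * units            # assumption: hold units start at zero
    held = [None] * units          # index of the Data word each unit holds
    log = []
    for i, sel in enumerate(pattern):
        if not 0 <= sel < units:
            raise ValueError("selection signal out of range")
        new = data[i] ^ rn
        log.append((i, held[sel], hw(value[sel] ^ new)))
        value[sel], held[sel] = new, i
        if reset_idle:             # [0047]: reset the units that were not selected
            for u in range(units):
                if u != sel:
                    value[u], held[u] = 0, None
    return log


def consecutive_leaks(log):
    """Writes where Masked Data i replaced Masked Data i-1 in the same unit.

    These are the transitions of [0012]: RN cancels and the distance equals
    the Hamming weight of Data(i-1) XOR Data(i).
    """
    return [i for i, j, _ in log if j is not None and j == i - 1]


if __name__ == "__main__":
    data = intermediates(0x0123456789ABCDEF, [0x11, 0x22, 0x33, 0x44])  # constructed
    cases = [
        ("single register", [0] * 5, dict(units=1)),
        ("FIG. 5 pattern", FIG5_PATTERN, {}),
        ("alternating", ALTERNATING, {}),
        ("alternating + reset", ALTERNATING, dict(reset_idle=True)),
    ]
    for name, pattern, kw in cases:
        for rn in (0x0F1E2D3C4B5A6978, 0xA5A5A5A55A5A5A5A):  # constructed masks
            log = run_register(data, rn, pattern, **kw)
            print(f"{name:20s} rn={rn:016x}",
                  [(j, hd) for _, j, hd in log],
                  "consecutive:", consecutive_leaks(log))
```

In the printed rows, any write whose overwritten index is not None has the same distance for both masks, because the old and new contents carry the same RN; only writes over a reset unit change with RN.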
[0048] In FIG. 3, based on the selection signal from the selection
signal generation unit 16, the data selection unit 34 selects the
latest operation result (of masked data) held in any of the data
hold units 33-1 and 33-2, and outputs the latest operation result
to the operation unit 11 (or the Exclusive OR circuit 15 at
operation completion timing). In this case, the data selection unit
34 selects one data hold unit 33-1 or 33-2 based on the selection
signal which was used to select the one data hold unit to write the
latest operation result. Accordingly, the latest operation result
of masked data can be read from the one data hold unit.
[0049] The latest operation result of masked data is recursively
supplied to the operation circuit 11 as input data for the next
operation. Furthermore, when the operation circuit 11 outputs an
operation completion signal to the register circuit 14 (not shown
in FIG. 3), the latest operation result of masked data is output to
the Exclusive OR circuit 15. The Exclusive OR circuit 15 operates
Exclusive OR between the latest operation result of masked data and
the same random number (from the random number supply unit 12), and
outputs cipher text/plain text data (final output) to the
outside.
[0050] For example, as shown in FIG. 6, by aligning "n" units of
one bit-register circuit in parallel (combined by logical
elements), the register circuit 14 of "n" bits can be composed. In
FIG. 6, two outputs of one bit register circuit are shown. In this
case, one bit value actually output from any of the two outputs is
used as the output value.
[0051] As mentioned above, in the present embodiment, in case of
encryption/decryption by repeating the same operation, each
operation result of masked data is selectively written to one of
two data hold units. Accordingly, the random number need not be
changed at each operation timing of the operation circuit 11. As a
result, the scale of the random number generation unit 21 can be
miniaturized. In other words, if only the random number generation
unit is miniaturized, resistance against a DPA attack is lacking
because the random number generation unit constantly supplies the
same random number. However, in the present embodiment, by preparing
two data hold units, each operation result of masked data is
selectively written into one of the two data hold units. As a
result, the lack of resistance against a DPA attack can be overcome.
[0052] Next, an application example of the present embodiment is
explained. In the above embodiment, the register circuit 14
has two data hold units. However, the register circuit 14 may
have three or more data hold units. FIG. 7 is one application
example of the block diagram of the register circuit 14. As shown in
FIG. 7, three data hold units 33-1, 33-2, and 33-3 are prepared. In
comparison with FIG. 3, the differences with three data hold units
are as follows.
[0053] (1) The selection signal is changed to select one of the
three data hold units.
[0054] (2) The data selection unit 34' selects one of masked data
stored in the three data hold units based on the selection
signal.
[0055] As for point (1), in the table of FIG. 4, the selection
signal is generated in correspondence with two bits instead of one
bit. As for point (2), one of the three data hold units is selected
by three of the four values represented by the two bits. With three
data hold units, the selection of the unit to which masked data is
written is more complicated than with two data hold units.
Accordingly, resistance against a DPA attack increases.
[0056] In FIG. 1, the Exclusive OR circuit 13 is located outside of
the operation circuit 11. However, the Exclusive OR circuit 13 may
be included in the operation circuit 11. In this case, when plain
text/cipher text data is input to the operation circuit 11, the
plain text/cipher text data is firstly operated with the random
number by Exclusive OR. Alternatively, after some preprocessing is
executed to the plain text/cipher text data, the plain text/cipher
text data may be operated with the random number by Exclusive
OR.
[0057] Other embodiments of the invention will be apparent to those
skilled in the art from consideration of the specification and
practice of the invention disclosed herein. It is intended that the
specification and examples be considered as exemplary only, with
the true scope and spirit of the invention being indicated by the
following claims.